{
lib,
config,
inputs,
...
}: let
gatusPort = 8080;
in {
imports = [inputs.nixos-hardware.nixosModules.raspberry-pi-4];
config = {
pim = {
tailscale.advertiseExitNode = true;
prometheus.enable = true;
};
facter.reportPath = ./facter.json;
system.stateVersion = "23.05";
systemd.network.networks."30-main-nic" = {
matchConfig.Name = lib.mkForce "end*";
networkConfig.IPv6AcceptRA = true;
};
deployment = {
targetHost = "warwick";
targetUser = "root";
tags = ["server"];
buildOnTarget = true;
};
boot.loader.systemd-boot.enable = lib.mkForce false;
users.users.root.openssh.authorizedKeys.keys = config.pim.ssh.keys.pim ++ config.pim.ssh.keys.niels;
fileSystems."/" = {
device = "/dev/disk/by-label/NIXOS_SD";
fsType = "ext4";
options = ["noatime"];
};
networking.firewall.allowedTCPPorts = [gatusPort];
systemd.services.gatus.serviceConfig.EnvironmentFile = config.sops.secrets."gatus/env".path;
services.gatus = {
enable = true;
settings = {
alerting = let
default-alert = {
enabled = true;
failure-threshold = 2;
success-threshold = 1;
send-on-resolved = true;
};
in {
email = {
from = "gatus@kun.is";
host = "mail.smtp2go.com";
port = 2525;
to = "pim@kunis.nl";
client.insecure = true;
username = "$SMTP_USERNAME";
password = "$SMTP_PASSWORD";
click = "http://warwick:${toString gatusPort}";
inherit default-alert;
};
ntfy = {
url = "https://ntfy.kun.is";
token = "$NTFY_ACCESS_TOKEN";
inherit default-alert;
};
};
web.port = gatusPort;
endpoints = let
status = code: "[STATUS] == ${toString code}";
bodyContains = text: "[BODY] == pat(*${text}*)";
maxResponseTime = ms: "[RESPONSE_TIME] < ${toString ms}";
serviceEndpoints = [
{
name = "Blog";
url = "https://pim.kun.is";
conditions = [
(status 200)
(maxResponseTime 300)
];
}
{
name = "Cyberchef";
url = "https://cyberchef.kun.is";
conditions = [
(status 200)
(maxResponseTime 300)
(bodyContains "CyberChef - The Cyber Swiss Army Knife")
];
}
{
name = "HedgeDoc";
url = "https://md.kun.is/status";
conditions = [
(status 200)
(maxResponseTime 300)
"[BODY].notesCount > 0"
];
}
{
name = "Forgejo";
url = "https://git.kun.is";
conditions = [
(status 200)
(maxResponseTime 300)
(bodyContains "Forgejo: Beyond coding. We forge.")
];
}
{
name = "Authentik";
url = "https://authentik.kun.is/-/health/live/";
conditions = [
(status 200)
(maxResponseTime 300)
];
}
{
name = "Ntfy";
url = "https://ntfy.kun.is";
conditions = [
(status 200)
(maxResponseTime 300)
];
}
{
name = "Jellyfin";
url = "https://media.kun.is/health";
conditions = [
(status 200)
(maxResponseTime 300)
];
}
{
name = "Attic";
url = "https://attic.kun.is";
conditions = [
(status 200)
(bodyContains "attic push")
(maxResponseTime 300)
];
}
{
name = "Esrom";
url = "https://esrom.kun.is/seinlamp";
conditions = [
(status 200)
(bodyContains "Welcome to")
(maxResponseTime 300)
];
}
{
name = "Atuin";
url = "https://atuin.kun.is";
conditions = [
(status 200)
(maxResponseTime 300)
"[BODY].total_history > 0"
];
}
{
name = "KitchenOwl";
url = "https://boodschappen.kun.is";
conditions = [
(status 200)
(maxResponseTime 300)
(bodyContains "KitchenOwl")
];
}
{
name = "Inbucket";
url = "https://inbucket.griffin-mermaid.ts.net/status";
conditions = [
(status 200)
(maxResponseTime 300)
];
}
{
name = "FreshRSS";
url = "https://freshrss.griffin-mermaid.ts.net/i";
conditions = [
(status 401)
(maxResponseTime 300)
];
}
{
name = "Paperless-ngx";
url = "https://paperless.griffin-mermaid.ts.net/accounts/login/";
conditions = [
(status 200)
(maxResponseTime 300)
(bodyContains "Please sign in.")
];
}
{
name = "Jellyseerr";
url = "https://jellyseerr.griffin-mermaid.ts.net/login";
conditions = [
(status 200)
(maxResponseTime 300)
];
}
{
name = "Radarr";
url = "https://radarr.griffin-mermaid.ts.net";
conditions = [
(status 200)
(maxResponseTime 300)
];
}
{
name = "Sonarr";
url = "https://sonarr.griffin-mermaid.ts.net/login";
conditions = [
(status 200)
(maxResponseTime 300)
];
}
{
name = "Bazarr";
url = "https://bazarr.griffin-mermaid.ts.net/system/status";
conditions = [
(status 200)
(maxResponseTime 300)
(bodyContains "Bazarr")
];
}
{
name = "Prowlarr";
url = "https://prowlarr.griffin-mermaid.ts.net/login";
conditions = [
(status 200)
(maxResponseTime 300)
];
}
{
name = "Deluge";
url = "https://deluge.griffin-mermaid.ts.net";
conditions = [
(status 200)
(maxResponseTime 300)
];
}
{
name = "SyncThing";
url = "https://syncthing.griffin-mermaid.ts.net/";
conditions = [
(status 200)
(maxResponseTime 300)
];
}
{
name = "Radicale";
url = "https://radicale.griffin-mermaid.ts.net/.web/";
conditions = [
(status 200)
(maxResponseTime 300)
(bodyContains "Sign in")
];
}
{
name = "Nextcloud";
url = "https://nextcloud.griffin-mermaid.ts.net/status.php";
conditions = [
(status 200)
(maxResponseTime 300)
"[BODY].installed == true"
"[BODY].maintenance == false"
"[BODY].needsDbUpgrade == false"
];
}
{
name = "kms";
url = "tcp://kms.kun.is:1688";
conditions = [
"[CONNECTED] == true"
];
}
{
name = "BIND";
url = "192.168.30.134";
dns = {
query-type = "SOA";
query-name = "kun.is";
};
conditions = [
"[DNS_RCODE] == NOERROR"
];
}
{
name = "Immich";
url = "https://immich.griffin-mermaid.ts.net";
conditions = [
(status 200)
(maxResponseTime 300)
(bodyContains "To use Immich, you must enable JavaScript or use a JavaScript compatible browser.")
];
}
];
in
map
(endpoint:
endpoint
// {
interval = "5m";
alerts = [{type = "email";} {type = "ntfy";}];
})
serviceEndpoints;
};
};
};
}